Listing of Claims 

1 . (withdrawn): A method characterized by the step of: / 

a) generating a display of privilege state data in a three-dimensional view. 

2. (withdrawn): A method as claimed in claim 1 wherein tne privilege state data include 
graphical symbols indicating at least "on" and "off" states. 

3. (withdrawn): A method as claimed in claim 1 Wherein the privilege state data includes 
graphical symbols indicating "on", "inherited ovt\ "public on", "off, "not set", and "disabled" 
states. / 

4. (withdrawn): A method as claimed iiVclaim 1 wherein the display includes privilege labels, 
object labels, and user labels generate/ based on privilege data, object data, and user data, 
respectively, the privilege labels, object labels, and user labels arranged along respective axes of 
the three-dimensional view. \ / / 

5. (withdrawn): A method as>claimed in claim 4 wherein the privilege state data are displayed in 
a plurality of cells arranged/n association with respective privilege labels, object labels, and user 
labels. _ / . . . . , . __. 

6. (withdrawn): A mefthod as claimed in claim 1 wherein the cells are displayed in association 
with privilege labels object labels, and user labels, the privilege labels identifying at least one 
privilege, the object labels identifying at least one object associated with the privilege, and the 
user labels identifying at least one user or group of users using the object in the network system. 

7. (withdrawn): A method as claimed in claim 6 .wherein the privilege labels, the object labels, 
and the user labels are arranged along respective transverse axes in the three-dimension view. 
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8. (withdrawn): A method as claimed in claim 6 wherein the privilege labels identifies data 
access, data view, and data flow privileges to access or transfer data pertaining to the object 
within or without the network system. 

9. (withdrawn): A method as claimed in claim 6 wherein the/privilege labels identifies data 
access privileges. 

10. (withdrawn); A method as claimed in claim 9 wherein the data access privileges include the 
capabilities to read, write, create, and delete data fo/an object stored in a database accessible by 
the network system. 

1 1 . (withdrawn): A method as claimed in clafim 6 wherein the object labels identifies data for at 
least one object stored in a database accessible by the network system. 



12. (withdrawn): A method as clgffmdjd in claj 
privileges including a privilege tc\c$6ate a vfew 



m 6 wherein the privilege labels identifies view 
of privilege state data for objects. 



13. (withdrawn): A method as Maimed in claim 1 wherein the user labels identifies at least one 
user group. 

14. (withdrawn): A methgfi as claimed in claim 1 wherein the user labels identifies at least one 
user. 

15. (withdrawn): A n/fethod as claimed in claim 1 wherein the privilege state data indicates 
privilege states of ay least one user or user group with respect to objects accessible in a network 
system. 



16. (withdrawn): A method as claimed in claim 1 wherein the privilege state data indicates 
privilege states of at least one user or user group with respect to data objects stored in a data 
storage unit 
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I ^J^famended): A method comprising the steps of: 

a) on a user interface of a terminal device generating a display of privilege state data in 
an array of cells in a three-dimensional view on a terminal device, the privilege state data of the 
cells displayed in correspondence with privilege labels, object labels, and user labels arranged 
along respective transverse axes of the three-dimensional viewr; 

b) with the user interface of the terminal device, inputting privilege state data into at least 
one cell of the array using at least one privilege label object label and user label; 

c) determining the privilege data, object data, and user data corresponding to the cell in 
which the privilege state data is input in the step (b); 

d) storing the privilege state data in a memory in correspondence with respective 
privilege data, object data, and user data determined in step (c) for the cell in which the privilege 
state data was input in the step (b); and 

e) updating the display to include a privilege state symbol corresponding to the privilege 
state data input by the user in the step (b), based on the privilege state data stored in the memory 
in the step (d). 

1 8 (cancelled) 

^^(original): A method as claimed in claim ^/wherein the privilege state data includes data for 
"on", "inherited on", "public on", "off', "not set", and "disabled" states. 

2$ (original): A method as claimed in claim j^wherein the privilege state data toggles between 
the "on", "inherited on", "public on", "off \ "not set", and "disabled" states with successive 
activations of an input device of the user interface. 

A i 

^^(amended): A method as claimed in claim 4^v/further characterized by the steps of: 

f) with the user interface of the terminal device, selecting at least one of the privilege 
labels, object labels, or user labels; and 

g) modifying the display of the privilege state data by removing or adding cells to the 
three-dimensional view, based on the step (f). 
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1 y I 

^2^(amended): A method as claimed in claim +8^7wherein the user data identifies first and 
second user entities related by predetermined hierarchical relationship data and the privilege state 
data is input in the step (b) in at least one cell corresponding to first user entity, the method 
further characterized by the steps of: 

f) determining whether the second user entity inherits privilege state data from the first 
user entity, based on the hierarchical relationship data; and 

g) if the determination in the step (f) establishes that the second user entity inherits the 
privilege state data from the first user entity, storing the privilege state data input in the step (b) 
in correspondence with the user data for the second entity and the object data and privilege data 
for which the privilege state data was input in the step (b). 

^ i 

^ Th (amended): A method as claimed in claim \% wherein the user data identifies 

dependencies between first and second object data related by predetermined dependency data, the 
method further characterized by the steps of: 

f) determining whether the second object data inherits privilege state data from the from 
the first object data, based on the predetermined dependency data; and 

g) if the determination in the step (f) establishes that the second object data inherits 
privilege state data from the first object data, storing the privilege state data input in the step (b) 
in correspondence with the user data for the second entity and the object data and privilege data 
for which the privilege state data was input in the step (b). 



(amended): A method as claimed in claim 4&^wherein the user data identifies 
dependencies between first and second privilege data related by predetermined dependency data, 
the method further characterized by the steps of: 

f) determining whether the second privilege data inherits privilege state data from the 
from the first privilege data, based on the predetermined dependency data; and 

g) if the determination in the step (f) establishes that the second privilege data inherits 
privilege state data from the first privilege data, storing the privilege state data input in the step 
(b) in correspondence with the user data for the second entity and the object data and privilege 
data for which the privilege state data was input in the step (b). 
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25 (withdrawn): A network system characterized by: 

at least one terminal device having a user interface genej&ting a display of privilege state 
symbols in an array of cells in a three-dimensional view, the^ells displayed in correspondence 
with privilege labels, object labels, and user labels arranged along respective transverse axes of 
the three-dimensional view; 

a data storage unit coupled to the terminal deylce, the data storage unit storing 
corresponding privilege data, object data, user dat& and privilege state data, the privilege labels 
generated based on privilege data, the object labels generated based on respective object data, the 
user labels generated based on respective us^r labels, and the privilege state symbols generated 
based on the privilege state symbols; and 

at least one server coupled to the/terminal device and the data storage unit, the server 
transmitting privilege data, object dat^, user data, and privilege state data between the terminal 
device and the data storage 



26 (withdrawn): A network sy^tenfas claimed in claim 25 wherein the display is generated on 
the user interface by an application program running on the terminal device, the application 
program including an application program interface to convert privilege state data, privilege data, 
object data, user data, int<vprivilege state symbols, privilege labels, object labels, and user labels, 
respectively, for the thre^e-dimensional view for the display on the user interface of the terminal 
device. 



27 (withdrawn): AA article of manufacture for use with a terminal device, the article 
characterized by at storage medium having an application program for generating a display of 
privilege state in a three-dimensional view on a terminal device. 
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